Skip to content

Commit e04c2f8

Browse files
committed
web: GitHub sentinel handling stuff
1 parent 7ba7ae7 commit e04c2f8

File tree

1 file changed

+10
-4
lines changed

1 file changed

+10
-4
lines changed

src/web/api/github.ts

Lines changed: 10 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -7,12 +7,18 @@ import type { RequestHandler } from 'express';
77

88
export const verb = 'post';
99

10+
function gitHubHash(body: unknown): string {
11+
return crypto
12+
.createHmac('sha256', process.env.WEB_GITHUB_SECRET ?? 'No key provided.')
13+
.update(JSON.stringify(body))
14+
.digest('hex');
15+
}
16+
1017
export const handler: RequestHandler = async (req, _res) => {
11-
const { payload } = req.body as { payload: string };
1218
const signature = req.header('X-Hub-Signature-256');
13-
log({ req, body: req.body, payload, signature });
19+
const checksum = gitHubHash(req.body);
20+
log({ req, body: req.body, checksum, signature });
1421
if (!signature) throw new WebError('Signature not provided.');
15-
const SHA256 = crypto.createHash('sha256').update(req.body).digest('hex');
16-
if (signature !== SHA256) throw new WebError('Signature invalid.');
22+
if (signature !== checksum) throw new WebError('Signature invalid.');
1723
throw new WebError('Not added yet');
1824
};

0 commit comments

Comments
 (0)